CernVM-FS  2.9.0
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
signature.h
Go to the documentation of this file.
1 
5 #ifndef CVMFS_SIGNATURE_H_
6 #define CVMFS_SIGNATURE_H_
7 
8 #include <pthread.h>
9 
10 #include <openssl/bio.h>
11 #include <openssl/engine.h>
12 #include <openssl/err.h>
13 #include <openssl/evp.h>
14 #include <openssl/pem.h>
15 #include <openssl/rsa.h>
16 #include <openssl/x509.h>
17 
18 #include <cstdio>
19 #include <string>
20 #include <vector>
21 
22 #include "hash.h"
23 
24 namespace signature {
25 
26 class SignatureManager {
27  public:
28  SignatureManager();
29 
30  void Init();
31  void Fini();
32  std::string GetCryptoError();
33 
34  void UnloadPrivateKey();
35  void UnloadPublicRsaKeys();
36  void UnloadPrivateMasterKey();
37  void UnloadCertificate();
38 
39  bool LoadPrivateMasterKeyPath(const std::string &file_pem);
40  bool LoadPrivateKeyPath(const std::string &file_pem,
41  const std::string &password);
42  bool LoadCertificatePath(const std::string &file_pem);
43  bool LoadCertificateMem(const unsigned char *buffer,
44  const unsigned buffer_size);
45  bool WriteCertificateMem(unsigned char **buffer, unsigned *buffer_size);
46  bool KeysMatch();
47  bool VerifyCaChain();
48  std::string Whois();
49  shash::Any HashCertificate(const shash::Algorithms hash_algorithm);
50  std::string FingerprintCertificate(const shash::Algorithms hash_algorithm);
51  static shash::Any MkFromFingerprint(const std::string &fingerprint);
52 
53  bool LoadPublicRsaKeys(const std::string &path_list);
54  bool LoadBlacklist(const std::string &path_blacklist, bool append);
55  std::vector<std::string> GetBlacklist();
56 
57  bool LoadTrustedCaCrl(const std::string &path_list);
58 
59  bool Sign(const unsigned char *buffer, const unsigned buffer_size,
60  unsigned char **signature, unsigned *signature_size);
61  bool SignRsa(const unsigned char *buffer, const unsigned buffer_size,
62  unsigned char **signature, unsigned *signature_size);
63  bool Verify(const unsigned char *buffer, const unsigned buffer_size,
64  const unsigned char *signature, unsigned signature_size);
65  bool VerifyRsa(const unsigned char *buffer, const unsigned buffer_size,
66  const unsigned char *signature, unsigned signature_size);
67  bool VerifyLetter(const unsigned char *buffer, const unsigned buffer_size,
68  const bool by_rsa);
69  bool VerifyPkcs7(const unsigned char *buffer, const unsigned buffer_size,
70  unsigned char **content, unsigned *content_size,
71  std::vector<std::string> *alt_uris);
72  static void CutLetter(const unsigned char *buffer,
73  const unsigned buffer_size,
74  const char separator,
75  unsigned *letter_length,
76  unsigned *pos_after_mark);
77 
78  // Returns the PEM-encoded text of all loaded RSA pubkeys
79  std::string GetActivePubkeys() const;
80  // The PEM-encoded private key matching the public master key
81  std::string GetPrivateMasterKey();
82  // The PEM-encoded certificate without private key
83  std::string GetCertificate() const;
84  // The PEM-encoded private key matching the certificate
85  std::string GetPrivateKey();
86 
87  void GenerateMasterKeyPair();
88  void GenerateCertificate(const std::string &cn);
89 
90  private:
91  RSA *GenerateRsaKeyPair();
92  std::string GenerateKeyText(RSA *pubkey) const;
93 
94  void InitX509Store();
95 
96  EVP_PKEY *private_key_;
97  RSA *private_master_key_;
98  X509 *certificate_;
99  std::vector<RSA *> public_keys_;
100  pthread_mutex_t lock_blacklist_;
101  std::vector<std::string> blacklist_;
102  X509_STORE *x509_store_;
103  X509_LOOKUP *x509_lookup_;
104 }; // class SignatureManager
105 
106 } // namespace signature
107 
108 #endif // CVMFS_SIGNATURE_H_
signature::SignatureManager::SignRsa
bool SignRsa(const unsigned char *buffer, const unsigned buffer_size, unsigned char **signature, unsigned *signature_size)
Definition: signature.cc:778
signature::SignatureManager::blacklist_
std::vector< std::string > blacklist_
Definition: signature.h:101
signature::SignatureManager::MkFromFingerprint
static shash::Any MkFromFingerprint(const std::string &fingerprint)
Definition: signature.cc:623
signature::SignatureManager::GetCertificate
std::string GetCertificate() const
Definition: signature.cc:370
signature::SignatureManager::GetCryptoError
std::string GetCryptoError()
Definition: signature.cc:136
signature::SignatureManager::lock_blacklist_
pthread_mutex_t lock_blacklist_
Definition: signature.h:100
signature::SignatureManager::LoadCertificateMem
bool LoadCertificateMem(const unsigned char *buffer, const unsigned buffer_size)
Definition: signature.cc:244
signature::SignatureManager::Verify
bool Verify(const unsigned char *buffer, const unsigned buffer_size, const unsigned char *signature, unsigned signature_size)
Definition: signature.cc:812
signature::SignatureManager::GetPrivateKey
std::string GetPrivateKey()
Definition: signature.cc:386
signature::SignatureManager::HashCertificate
shash::Any HashCertificate(const shash::Algorithms hash_algorithm)
Definition: signature.cc:574
signature::SignatureManager::CutLetter
static void CutLetter(const unsigned char *buffer, const unsigned buffer_size, const char separator, unsigned *letter_length, unsigned *pos_after_mark)
Definition: signature.cc:893
signature::SignatureManager::public_keys_
std::vector< RSA * > public_keys_
Definition: signature.h:99
signature::SignatureManager::LoadPrivateKeyPath
bool LoadPrivateKeyPath(const std::string &file_pem, const std::string &password)
Definition: signature.cc:171
signature::SignatureManager::GenerateCertificate
void GenerateCertificate(const std::string &cn)
Definition: signature.cc:452
shash::Algorithms
Algorithms
Definition: hash.h:39
signature::SignatureManager::GetActivePubkeys
std::string GetActivePubkeys() const
Definition: signature.cc:357
signature::SignatureManager::LoadTrustedCaCrl
bool LoadTrustedCaCrl(const std::string &path_list)
Definition: signature.cc:552
signature::SignatureManager::VerifyPkcs7
bool VerifyPkcs7(const unsigned char *buffer, const unsigned buffer_size, unsigned char **content, unsigned *content_size, std::vector< std::string > *alt_uris)
Definition: signature.cc:970
signature::SignatureManager::Sign
bool Sign(const unsigned char *buffer, const unsigned buffer_size, unsigned char **signature, unsigned *signature_size)
Definition: signature.cc:730
signature::SignatureManager::LoadCertificatePath
bool LoadCertificatePath(const std::string &file_pem)
Definition: signature.cc:217
signature::SignatureManager::GenerateKeyText
std::string GenerateKeyText(RSA *pubkey) const
Definition: signature.cc:334
signature::SignatureManager::WriteCertificateMem
bool WriteCertificateMem(unsigned char **buffer, unsigned *buffer_size)
Definition: signature.cc:663
signature::SignatureManager::VerifyRsa
bool VerifyRsa(const unsigned char *buffer, const unsigned buffer_size, const unsigned char *signature, unsigned signature_size)
Definition: signature.cc:859
signature::SignatureManager::LoadPrivateMasterKeyPath
bool LoadPrivateMasterKeyPath(const std::string &file_pem)
Definition: signature.cc:153
signature::SignatureManager::LoadBlacklist
bool LoadBlacklist(const std::string &path_blacklist, bool append)
Definition: signature.cc:508
signature::SignatureManager::x509_lookup_
X509_LOOKUP * x509_lookup_
Definition: signature.h:103
signature::SignatureManager::GetPrivateMasterKey
std::string GetPrivateMasterKey()
Definition: signature.cc:402
signature::SignatureManager::LoadPublicRsaKeys
bool LoadPublicRsaKeys(const std::string &path_list)
Definition: signature.cc:277
signature::SignatureManager::FingerprintCertificate
std::string FingerprintCertificate(const shash::Algorithms hash_algorithm)
Definition: signature.cc:601
signature::SignatureManager::VerifyLetter
bool VerifyLetter(const unsigned char *buffer, const unsigned buffer_size, const bool by_rsa)
Definition: signature.cc:929
signature::SignatureManager::GetBlacklist
std::vector< std::string > GetBlacklist()
Definition: signature.cc:539